EP1381190A1 - Method for accessing a virtual private network resource based on uniform resource identifiers - Google Patents

Method for accessing a virtual private network resource based on uniform resource identifiers Download PDF

Info

Publication number
EP1381190A1
EP1381190A1 EP02360207A EP02360207A EP1381190A1 EP 1381190 A1 EP1381190 A1 EP 1381190A1 EP 02360207 A EP02360207 A EP 02360207A EP 02360207 A EP02360207 A EP 02360207A EP 1381190 A1 EP1381190 A1 EP 1381190A1
Authority
EP
European Patent Office
Prior art keywords
vpn
uri
resource
access
accessing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP02360207A
Other languages
German (de)
French (fr)
Inventor
Frans Westerhuis
Steven Vermeulen
Koen Handekyn
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alcatel CIT SA
Alcatel Lucent SAS
Original Assignee
Alcatel CIT SA
Alcatel SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alcatel CIT SA, Alcatel SA filed Critical Alcatel CIT SA
Priority to EP02360207A priority Critical patent/EP1381190A1/en
Publication of EP1381190A1 publication Critical patent/EP1381190A1/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/30Managing network names, e.g. use of aliases or nicknames
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/35Network arrangements, protocols or services for addressing or naming involving non-standard use of addresses for implementing network functionalities, e.g. coding subscription information within the address or functional addressing, i.e. assigning an address to a function
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Definitions

  • the present invention relates to providing access to resources in a virtual private network by an extended notion of a uniform resource locator. More particularly, the present invention relates to a method, an adapter, a client terminal, an encoding application server, a network access server, a uniform resource identifier, a transfer protocol, a markup language, a user interface, and computer software products for accessing a virtual private network (VPN) resource based on a uniform resource identifier (URI).
  • VPN virtual private network
  • URI uniform resource identifier
  • Banner advertisement is the internal billboard placed on the Information Superhighway. Banners usually appear at the top of web pages. Banner advertising is one of the most well known and visible forms of advertising on the Internet today. They increase the visibility of the product or service is advertised, same like a magazine or TV advertisement. When a banner advertisement is clicked on, and the user is taken through to the advertiser web site this is termed a click-through.
  • the banner advertisement contains a short text or graphical message to attract the viewer to click on it and be swiftly transported to that particular web site.
  • VPN virtual private network
  • Carriers have been building VPNs that appear to be private national or international networks to their customers when they are, in fact, sharing backbone trunks with other customers.
  • VPNs feature the security of a private network via access control and encryption, while taking advantage of the economies of scale and built-in management facilities of large public networks.
  • IP Internet Protocol
  • a secure VPN is a communications network that is secured by encryption and authentication, and layered on existing IP networks such as the Internet, or through a service provider's network.
  • IP Security IP Security
  • IPSec IP Security
  • Basic IP-VPN security services include private network tunneling through the IP backbone and data encryption.
  • IP-VPN operators also offer authentication proxying, centrally managed firewall functions, undesirable URL blocking, etc. Access to such a VPN is typically provided by dedicated network access servers.
  • VPNs can be built over ATM, frame relay and X.25 technologies.
  • a current trend for carriers is to deploy Internet VPNs, IP-VPNs.
  • a portal To enter a network a portal, is needed. Such a portal offers a broad array of resources and services.
  • the first access portals were online services, such as AOL, that provided access to the Internet.
  • An example of an access portal is the Alcatel 5742 Personalized Service Selector (PSS), an software product that enables Digital Subscriber Line (DSL) access service providers to deliver value-added IP services to end users.
  • PSS is targeted to DSL access/service providers, who own an IP gateway.
  • Such a personalized and captive access portal facilitates the selection of and access to different services, e.g. VPNs or providers.
  • Those services include Internet access via an Internet Service Provider (ISP), log on to corporate network, video on demand, interactive gaming, software on demand, etc.
  • ISP Internet Service Provider
  • PSS facilitates the selection of and the access to IP Virtual Private Networks, e.g. corporate network, ISP, etc.
  • URL an abbreviation of Uniform Resource Locator
  • URL stands for a standardized way of specifying addresses of web pages, files, newsgroups, and even email users, e.g. http://www.alcatel.de.
  • Uniform Resource Identifier is the generic set of all names/addresses that are short strings that refer to resources within one network.
  • Uniform Resource Locator is an informal term (no longer used in technical specifications) associated with popular URI schemes, e.g. http:, ftp:, mailto:, etc. In this context an other term appears, Uniform Resource Name. That is either a URI that has an institutional commitment to persistence, availability, etc. or a particular scheme, e.g. urn:, specified by RFC2141 and related documents, intended to serve as persistent, location-independent, resource identifiers.
  • the central idea is to combine network/VPN specific information, down to layer 2 of OSI with the standard uniform resource identifier concept, as well as integrating the network access procedure.
  • URI Uniform Resource Identifier
  • VPN virtual private network
  • URI uniform resource identifier
  • the URI might identify a virtual private network syntactically by an authority access part or a query part.
  • the method is realized by Client Terminal , or alternatively, an Adapter , an encoding (web)Application Server , or a Network Access Server , where the devices for accessing network resources using an URI having VPN information for accessing a VPN resource comprising
  • URI Uniform Resource Identifier
  • transfer protocols e.g. http and markup languages, e.g. HTML, SGML, XML, etc.
  • markup languages e.g. HTML, SGML, XML, etc.
  • a transfer protocol for encoding, decoding, transmitting, and receiving data is necessary, comprising uniform resource identifiers comprising a part for identifying a virtual private network where a resource is located, a part for identifying the access to said virtual private network, and a part for identifying said resource.
  • This transfer protocol according might be Hyper Text Transfer Protocol (http).
  • URls having VPN information will also be used in markup languages for structuring a document's character data into logical components that can then be named and referred.
  • the markup language comprising uniform resource identifiers comprising a part for identifying a virtual private network where a resource is located, a part for identifying the access to said virtual private network, and a part for identifying said resource.
  • the preferred markup languages are Hyper Text Markup Language (HTML) , Extensible Hyper Text Markup Language (XHTML) , and Extensible Markup Language Specification (XML) .
  • a User Interface for accessing a VPN resource using an URI having VPN information comprising means for specifying said URI, e.g. hyper links, text fields, etc. and means for interactively guiding through a network access procedure, e.g. authentication, authorization, etc.
  • the User Interface optionally comprising depicting means for showing the accessed VPNs and access paths as well as accessible VPNs and optional access paths with their characteristics, e.g. quality of service, cost. security level, etc.).
  • Yet another embodiment of the invention is a C omputer Software Product for accessing a VPN resource using an URI having VPN information with components for extracting VPN information out of the URI, and establishing access to a VPN corresponding to the VPN information. And by a computer software product comprising components for requesting and/or receiving the by the URI identified resource.
  • Another advantage of the present invention is that the concept is in line with the already established click through / URL user metaphor. And the concept embeds well in established transport protocols and the markup languages
  • yet another advantage of the present invention is that the notation of URls can be used to associate VPNs with (web) services, e.g. in web sites.
  • DSL Digital Subscriber Lines
  • a Customer Premises Equipment refers to equipment that resides at the end-users location (home or office), e.g. DSL modems, DSL gateways, etc.
  • a Digital Subscriber Line Access Multiplexer (DSLAM) is an equipment located in the central office that provides DSL services.
  • a Personalized Service Selector (PSS) enables a DSL access/service provider to deliver DSL services.
  • a Broadband Network Access Server (BNAS) is a server that enables an independent service provider (ISP) to provide connected customers with Internet access.
  • a Service Management Center is carrier class management platform that enables network service providers (NSPs) to establish a port wholesaling service.
  • An authentication, authorization and accounting Server is a system to control what computer resources users have access to and to keep track of the activity of users over a network.
  • Hyper Text Transfer Protocol is the protocol by which web clients (browsers) and web servers communicate. It is stateless, meaning that it does not maintain a conversation between a given client and server, but it can be manipulated using scripting to appear as if state is being maintained. Do not confuse HTML (Markup language for our browser-based front ends), with HTTP (protocol used by clients and servers to send and receive messages over the Web). Graphical User Interface is what an end-user sees and interacts with when operating (interacting with) a software application. Sometimes referred to as the "front-end" of an application. HTML is the GUI standard for web-based applications. Link - A link is a relationship between two resources.
  • HTML links usually connect HTML documents together in this fashion (called a hyperlink), but links can link to any type of resource (documents, pictures, sound and video files, etc.) capable of residing at a Web address (URI).
  • URI Web address
  • a Markup is comprised of several "special characters” that are used to structure a document's character data into logical components that can then be labeled (named) so that they can be manipulated more easily by a software application.
  • a Markup Language is used to structure a document's character data into logical components, and "name” them in a manner that is useful.
  • labels provide either formatting information about how the character data should be visually presented (for a word processor or a web browser, for instance) or they can provide "semantic" (meaningful) information about what kind of data the component represents.
  • Markup languages provide a simple format for exchanging text-based character data that can be understood by both humans and machines.
  • a resource is anything addressable via a URI. Examples of resources are: documents, files, pictures, sounds, videos and databases.
  • Figure. 1 shows a commonly used the access network topology, a terminal client A1, a CPE A2, a DSLAM A3, a BNAS A4, with a PSS A5 and a SMC A6, NSP equipment A7, and multiple networks A8.
  • the terminal client A1 is connected via the CPE, e.g. an DSL modem with the DSLAM A3 multiplexing multiple subscriber lines for the BNAS A4 and the PSS A5.
  • the PSS enables an end-user access control over the BNAS A4, instructing the BNAS A4 using dedicated NSP equipment A7, e.g. an AAA server, etc., for accessing the networks A8.
  • the DSLAM A3 and the BNAS A4 together build an IP gateway.
  • the accessed networks A7 might be public like the Internet or private like a corporate network.
  • the PSS A5 is managed by the SMC A6.
  • FIG. 2 shows two windows of a PSS client B1 on the terminal client A1.
  • the first PSS client window contains a service selection option B2 and a login panel B3 of "MY ISP".
  • the second PSS client window contains a login panel B4 for a VPN.
  • the PSS client user interface enables an end-user to choose a provider and/or an network, e.g. a virtual private network or the Internet. At the same time it provides a user interface for authentication B3, B4.
  • FIG. 3 shows a navigator window of a Netscape browser C1.
  • the window contains a text area C3 for search terms, key words, or web addresses. It contains the virtual private network uniform resource identifier (VPN-URI) httn://secret.service/?vnnid--skvnet identifying the private network "skynet", and within that network the site "secret.service/”.
  • VPN-URI virtual private network uniform resource identifier
  • httn://secret.service/?vnnid--skvnet identifying the private network "skynet", and within that network the site "secret.service/”.
  • a pop-up window C2 is shown, asking for a user authentication to allow access.
  • FIG. 4 shows a schematic drawing of the terminal client A1 and the browser C1.
  • the terminal client A1 is connected via an adapter D1 containing a VPN-URI processor D2.
  • the browser provides a VPN-URI to the VPN-URI processor D2.
  • the VPN-URI processor is in charge to establish the corresponding VPN connection, if not already established, and to request an authentication, if required.
  • the browser receives and transmits as usual resources identified e.g. by uniform resource identifiers.
  • For non VPN-URIs the browser C1.
  • the adapter D1 provides therefore the networking interface.
  • the adapter D2 in this figure do not necessarily coincide with the CPE hardware A2 mentioned in Figure 1.
  • the adapter D2 might be for instance an operating system component or a VPN-URI decoder component for the CPE hardware A2.
  • FIG. 5 shows a schematic drawing of the terminal client A1' and the browser C1.
  • the terminal client A1' comprises a web application server E1 that contains the VPN-URI processor D2.
  • the VPN-URI processor D2 as well as the browser C1 is connected with an adapter D1'.
  • the local web application server E1 decodes the VPN-URI received from the browser C1, and the VPN-URI processor D2 instructs the adapter D1' to establish the corresponding connection.
  • the browser C1 can access directly VPN resources by using the adapter, or the web application server is enabled to serve requested VPN resources to the browser (client) C1 via the adapter D1' using the established connection.
  • the mechanism encodes VPN information in uniform resource locators (uniform resource identifiers) similar to the advertisement click-through mechanism mentioned above.
  • the technique according to the invention enhances the advertisement click-trough by enabling a network change and connection establishment.
  • URI Uniform Resource identifier
  • a hyper text reference carrying a VPN-URI in a HTML coded portal page the end-user is immediately transparently connected to the associated VPN.
  • VPN resources might require an authentication, authorization, and accounting procedure, e.g. implemented by VPN logon procedure to set-up a new connection, where after the requested service is provided in that VPN.
  • an authentication, authorization, and accounting procedure e.g. implemented by VPN logon procedure to set-up a new connection, where after the requested service is provided in that VPN.
  • the service/resource is provided immediately by that VPN.
  • a (software) component will process the VPN information included in the link. This component will interact with the VPN network access server to reach to the corresponding VPN. When the connection to VPN is established the actual resource request could be retrieved.
  • This software component can be deployed on a client terminal itself or a server, e.g. DSL modem.
  • the browser will first access the localhost, where localhost is an identifier for the local running web server.
  • the localhost will trigger the click-through software component.
  • the connection to VPN has been established, the actual resource request can be executed.
  • FIG. 6 shows a schematic drawing of a terminal client A1" comprising the browser C1, and it shows network access equipment, e.g. a personalizes service selector A5 or a broadband network access server A4, in general a network access server (NAS) comprising a VPN-URI processor D2.
  • network access equipment e.g. a personalizes service selector A5 or a broadband network access server A4, in general a network access server (NAS) comprising a VPN-URI processor D2.
  • NAS network access server
  • the VPN-URI processing might be implemented as a network access server functionality.
  • URI uniform resource identifier
  • Uniformity it allows different types of resource identifiers to be used in the same context, even when the mechanisms used to access those resources may differ; it allows uniform semantic interpretation of common syntactic conventions across different types of resource identifiers; it allows introduction of new types of resource identifiers without interfering with the way that existing identifiers are used; and, it allows the identifiers to be reused in many different contexts, thus permitting new applications or protocols to leverage a pre-existing, large, and widely-used set of resource identifiers.
  • the resource is the conceptual mapping to an entity or set of entities, not necessarily the entity which corresponds to that mapping at any particular instance in time.
  • Identifier is an object that can act as a reference to something that has identity.
  • the object is a sequence of characters with a restricted syntax. Having identified a resource, a system may perform a variety of operations on the resource, as might be characterized by such words as 'access', 'update', 'replace', or 'find attributes'.
  • the syntax notation and common element use two conventions to describe and define the syntax of URIs.
  • the first, called the layout form, is a general description of the order of components and component separators, as in ⁇ first>/ ⁇ second>; ⁇ third>? ⁇ fourth>
  • the second convention is a BNF-like grammar is used to define the formal URI syntax, see http://www. ietf.org/rfc/rfc822.txt (Backus-Naur notation (more commonly known as BNF or Backus-Naur Form) is a formal mathematical way to describe a language, which was developed by John Backus (and possibly Peter Naur as well) to describe the syntax of the Algol 60 programming language. A formal definition could be found in any introductory book about formal languages or compilers.)
  • This generic URI syntax consists of a sequence of four main components: ⁇ scheme>:// ⁇ authority> ⁇ path>? ⁇ query>
  • URI that are hierarchical in nature use the slash "/" character for separating hierarchical components.
  • the authority component is typically defined by an Internet-based server or a scheme-specific registry of naming authorities.
  • authority server
  • the authority component is preceded by a double slash “//” and is terminated by the next slash “/”, question-mark "?”, or by the end of the URI.
  • the characters ";”, “:”, “@”, "?”, and "/" are reserved.
  • URI schemes that involve the direct use of an IP-based protocol to a specified server on the Internet use a common syntax for the server component of the URI's scheme-specific data: ⁇ userinfo>@ ⁇ host>: ⁇ port> where ⁇ userinfo> may consist of a user name and, optionally, scheme-specific information about how to gain authorization to access the server.
  • the parts " ⁇ userinfo>@” and ": ⁇ port>” may be omitted.
  • server [ [ userinfo "@” ] hostport ]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to combine virtual private network specific information, down to layer 2 of OSI with the standard uniform resource identifier concept, as well as integrating and enhancing the network access procedure. It relates to a method for accessing a virtual private network (VPN) resource based on VPN information contained in a uniform resource identifier (URI) comprising the steps of extracting said VPN information out of the URI, establishing access to a VPN corresponding to said VPN information, if not already established, and requesting the by the URI identified resource. Further it relates to an adapter, a client terminal, an encoding application server, a network access server, a uniform resource identifier, corresponding markup languages and transfer protocols, a user interface, and computer software products for accessing virtual private network resources based on URIs.

Description

BACKGROUND OF THE INVENTION Field of the Invention
The present invention relates to providing access to resources in a virtual private network by an extended notion of a uniform resource locator. More particularly, the present invention relates to a method, an adapter, a client terminal, an encoding application server, a network access server, a uniform resource identifier, a transfer protocol, a markup language, a user interface, and computer software products for accessing a virtual private network (VPN) resource based on a uniform resource identifier (URI).
Background Click through
Banner advertisement is the internal billboard placed on the Information Superhighway. Banners usually appear at the top of web pages. Banner advertising is one of the most well known and visible forms of advertising on the Internet today. They increase the visibility of the product or service is advertised, same like a magazine or TV advertisement.
When a banner advertisement is clicked on, and the user is taken through to the advertiser web site this is termed a click-through. The banner advertisement contains a short text or graphical message to attract the viewer to click on it and be swiftly transported to that particular web site.
Example of an advertisement click-through might be
   http://advertisment.com/clickthrouah?url=http://product.com/article/?id=1234
When the user clicks on this URL, he/she will first access the advertisement web site, e.g. for marketing and statistical purposes, that will transparently forward him/her to the product web-site, showing the product information of the article with id=1234.
Private Networks
In a nutshell, a virtual private network (VPN) is a private network that is configured within a public network. Carriers have been building VPNs that appear to be private national or international networks to their customers when they are, in fact, sharing backbone trunks with other customers. VPNs feature the security of a private network via access control and encryption, while taking advantage of the economies of scale and built-in management facilities of large public networks.
The explosive growth of the Internet and the increase in telecommuting, corporate branch offices, and a mobile work force is revolutionizing business-to-business communications. The need to share information with employees, partners and customers worldwide is driving many organizations to deploy VPN technology over public Internet Protocol (IP) networks such as the Internet.
The ability to guarantee the privacy and protection of data is of the utmost importance when deploying services over the Internet where points of illegal entry can threaten sensitive communications. A secure VPN is a communications network that is secured by encryption and authentication, and layered on existing IP networks such as the Internet, or through a service provider's network. To combat security issues, the Internet Engineering Task Force (IETF) has developed the IP Security (IPSec) protocol suite. This set of IP extensions, which are based on modern cryptographic technologies, offer strong data authentication and privacy guarantees by securing the network, rather than just the applications. Basic IP-VPN security services include private network tunneling through the IP backbone and data encryption. IP-VPN operators also offer authentication proxying, centrally managed firewall functions, undesirable URL blocking, etc. Access to such a VPN is typically provided by dedicated network access servers. VPNs can be built over ATM, frame relay and X.25 technologies. A current trend for carriers is to deploy Internet VPNs, IP-VPNs.
ZUSATZBLATT 19 -Zusatzliche Vertreter
  • KNECHT Ulrich Karl (AV 38298)
  • SCHMIDT Werner (AV 38298)
  • VILLINGER Bernhard (AV 38299)
  • BROSE Gerhard (AV 38299)
  • KUGLER Hermann (AV 38299)
  • MENZIETTI Domenico (AV 38299)
  • RAUSCH Dr. Gabriele (AV 38299)
  • SCHÄTZLE Albin (AV 38299)
  • SCHULTENKAMPER Johannes (AV 38299)
  • URLICHS Stefan (AV 38299)
    • Network Access System
    To enter a network a portal, is needed. Such a portal offers a broad array of resources and services. The first access portals were online services, such as AOL, that provided access to the Internet.
    An example of an access portal is the Alcatel 5742 Personalized Service Selector (PSS), an software product that enables Digital Subscriber Line (DSL) access service providers to deliver value-added IP services to end users. The PSS is targeted to DSL access/service providers, who own an IP gateway.
    Such a personalized and captive access portal facilitates the selection of and access to different services, e.g. VPNs or providers. Those services include Internet access via an Internet Service Provider (ISP), log on to corporate network, video on demand, interactive gaming, software on demand, etc. Especially the PSS facilitates the selection of and the access to IP Virtual Private Networks, e.g. corporate network, ISP, etc.
    Resource Identifier
    Addressing resources in networks, is well known since the Internet and browsers became public. The term URL, an abbreviation of Uniform Resource Locator, stands for a standardized way of specifying addresses of web pages, files, newsgroups, and even email users, e.g. http://www.alcatel.de.
    Technically, the correct term is URI, for Uniform Resource Identifier. The World Wide Web Consortium provides an overview of materials related to addressing, accessible via the URI
       http://www.w3.org/Addressing/
    The Internet Engineering Task Force provides standardization and drafts respectively at
       http://www.ietf.org/
    A Uniform Resource Identifier is the generic set of all names/addresses that are short strings that refer to resources within one network. Uniform Resource Locator is an informal term (no longer used in technical specifications) associated with popular URI schemes, e.g. http:, ftp:, mailto:, etc. In this context an other term appears, Uniform Resource Name. That is either a URI that has an institutional commitment to persistence, availability, etc. or a particular scheme, e.g. urn:, specified by RFC2141 and related documents, intended to serve as persistent, location-independent, resource identifiers.
    Technical Problem
    However, services like advertisements, www services, intranet services, applications, etc. offered in access portals like the Alcatel 5742 PSS, are often located in different IP VPNs. The state of the art resource identification provide no identification mechanism to access a resource from outside an IP VPN. The end-user first has to connect to the right VPN, before able to access the services.
    From a user's perspective it would be nice to access a VPN via entering e.g. a URI in a browser, or following a hyper link using an already existing connection or forcing a connection establishment. This access feature is called in the following click-trough access, according to the above described advertising technique.
    BRIEF DESCRIPTION OF THE INVENTION
    The central idea is to combine network/VPN specific information, down to layer 2 of OSI with the standard uniform resource identifier concept, as well as integrating the network access procedure.
    This is archived by the invented Uniform Resource Identifier (URI) comprising a part for identifying a virtual private network where a resource is located, a part for the access to said virtual private network, and a part for identifying said resource; As well as the invented Method for accessing a virtual private network (VPN) resource characterized in using a uniform resource identifier (URI) having VPN information comprising the steps of
    • extracting said VPN information out of the URI
    • establishing access to a VPN corresponding to said VPN information, if not already established, and
    • requesting the resource identified by the URI.
    It is part of the invention that the URI might identify a virtual private network syntactically by an authority access part or a query part.
    It is a further part of the invention that the method is realized by Client Terminal, or alternatively, an Adapter, an encoding (web)Application Server, or a Network Access Server, where the devices for accessing network resources using an URI having VPN information for accessing a VPN resource comprising
    • an interpreter or decoder for extracting a VPN information out of a URI
    • a connector for establishing access to a VPN corresponding to said VPN information, and
    • a requestor for requesting the resource identified by the URI.
    To be able to communicate the URI is used in transfer protocols, e.g. http and markup languages, e.g. HTML, SGML, XML, etc. Hence there are further embodiments of the invention concerning Transfer Protocol and Markup Language extensions.
    A transfer protocol for encoding, decoding, transmitting, and receiving data is necessary, comprising uniform resource identifiers comprising a part for identifying a virtual private network where a resource is located, a part for identifying the access to said virtual private network, and a part for identifying said resource. This transfer protocol according might be Hyper Text Transfer Protocol (http).
    URls having VPN information will also be used in markup languages for structuring a document's character data into logical components that can then be named and referred. Hence the markup language comprising uniform resource identifiers comprising a part for identifying a virtual private network where a resource is located, a part for identifying the access to said virtual private network, and a part for identifying said resource. The preferred markup languages are Hyper Text Markup Language (HTML), Extensible Hyper Text Markup Language (XHTML), and Extensible Markup Language Specification (XML).
    It is another embodiment of the invention to enhance a User Interface making the extended URls accessible and usable to a end-user.
    It is another part of the invention that a User Interface for accessing a VPN resource using an URI having VPN information comprising means for specifying said URI, e.g. hyper links, text fields, etc. and means for interactively guiding through a network access procedure, e.g. authentication, authorization, etc.
    It is yet another part of the invention that the User Interface optionally comprising depicting means for showing the accessed VPNs and access paths as well as accessible VPNs and optional access paths with their characteristics, e.g. quality of service, cost. security level, etc.).
    The method is implemented by a corresponding hardware or software. Yet another embodiment of the invention is a Computer Software Product for accessing a VPN resource using an URI having VPN information with components for extracting VPN information out of the URI, and establishing access to a VPN corresponding to the VPN information. And by a computer software product comprising components for requesting and/or receiving the by the URI identified resource.
    OBJECTS AND ADVANTAGES OF THE INVENTION
    Accordingly, it is an object and advantage of the present invention to provide a simple, fast, and user-friendly click-through access to services located in different VPNs. This will decrease the threshold of consuming services.
    Another advantage of the present invention is that the concept is in line with the already established click through / URL user metaphor. And the concept embeds well in established transport protocols and the markup languages
    Hence, yet another advantage of the present invention is that the notation of URls can be used to associate VPNs with (web) services, e.g. in web sites.
    These and many other objects and advantages of the present invention will become apparent to those of ordinary skill in the art from a consideration of the drawings and ensuing description.
    BRIEF DESCRIPTION OF THE FIGURES
  • Figure. 1 is a schematic drawing of a prior art access network context and especially the components used in an access network scenario.
  • Figure. 2 is a screen shot of a prior art personalized selection server client application.
  • Figure. 3 is a screen shot of a Netscape browser, requesting a user authentication for accessing a virtual private network, relating to the invention.
  • Figure. 4 is a schematic drawing of a terminal client centric adapter VPN-URI processing architecture, relating to the invention.
  • Figure. 5 is a schematic drawing of a terminal client centric application server VPN-URI processing architecture, relating to the invention.
  • Figure. 6 is a schematic drawing of a network access server centric VPN-URI processing architecture, relating to the invention.
    • DETAILED DESCRIPTION OF THE INVENTION
    Those of ordinary skill in the art will realize that the following description of the present invention is illustrative only and is not intended to be in any way limiting. Other embodiments of the invention will readily suggest themselves to such skilled persons from an examination of the within disclosure.
    Access Terminology
    Digital Subscriber Lines (DSL) carry data at high speeds over standard copper telephone wires.
    A Customer Premises Equipment (CPE) refers to equipment that resides at the end-users location (home or office), e.g. DSL modems, DSL gateways, etc.
    A Digital Subscriber Line Access Multiplexer (DSLAM) is an equipment located in the central office that provides DSL services.
    A Personalized Service Selector (PSS) enables a DSL access/service provider to deliver DSL services.
    A Broadband Network Access Server (BNAS) is a server that enables an independent service provider (ISP) to provide connected customers with Internet access.
    A Service Management Center (SMC) is carrier class management platform that enables network service providers (NSPs) to establish a port wholesaling service.
    An authentication, authorization and accounting Server (AAA Server) is a system to control what computer resources users have access to and to keep track of the activity of users over a network.
    Web Data Presentation Terminology
    Hyper Text Transfer Protocol (HTTP) is the protocol by which web clients (browsers) and web servers communicate. It is stateless, meaning that it does not maintain a conversation between a given client and server, but it can be manipulated using scripting to appear as if state is being maintained. Do not confuse HTML (Markup language for our browser-based front ends), with HTTP (protocol used by clients and servers to send and receive messages over the Web).
    Graphical User Interface is what an end-user sees and interacts with when operating (interacting with) a software application. Sometimes referred to as the "front-end" of an application. HTML is the GUI standard for web-based applications.
    Link - A link is a relationship between two resources. HTML links usually connect HTML documents together in this fashion (called a hyperlink), but links can link to any type of resource (documents, pictures, sound and video files, etc.) capable of residing at a Web address (URI).
    A Markup is comprised of several "special characters" that are used to structure a document's character data into logical components that can then be labeled (named) so that they can be manipulated more easily by a software application.
    A Markup Language is used to structure a document's character data into logical components, and "name" them in a manner that is useful. These labels (element names) provide either formatting information about how the character data should be visually presented (for a word processor or a web browser, for instance) or they can provide "semantic" (meaningful) information about what kind of data the component represents. Markup languages provide a simple format for exchanging text-based character data that can be understood by both humans and machines.
    A resource is anything addressable via a URI. Examples of resources are: documents, files, pictures, sounds, videos and databases.
    Figure. 1 shows a commonly used the access network topology, a terminal client A1, a CPE A2, a DSLAM A3, a BNAS A4, with a PSS A5 and a SMC A6, NSP equipment A7, and multiple networks A8.
    The terminal client A1 is connected via the CPE, e.g. an DSL modem with the DSLAM A3 multiplexing multiple subscriber lines for the BNAS A4 and the PSS A5. The PSS enables an end-user access control over the BNAS A4, instructing the BNAS A4 using dedicated NSP equipment A7, e.g. an AAA server, etc., for accessing the networks A8. The DSLAM A3 and the BNAS A4 together build an IP gateway. The accessed networks A7 might be public like the Internet or private like a corporate network. The PSS A5 is managed by the SMC A6.
    Figure. 2 shows two windows of a PSS client B1 on the terminal client A1. The first PSS client window contains a service selection option B2 and a login panel B3 of "MY ISP". The second PSS client window contains a login panel B4 for a VPN.
    The PSS client user interface enables an end-user to choose a provider and/or an network, e.g. a virtual private network or the Internet. At the same time it provides a user interface for authentication B3, B4.
    Figure. 3 shows a navigator window of a Netscape browser C1. The window contains a text area C3 for search terms, key words, or web addresses. It contains the virtual private network uniform resource identifier (VPN-URI)
       httn://secret.service/?vnnid--skvnet
    identifying the private network "skynet", and within that network the site "secret.service/". Furthermore a pop-up window C2 is shown, asking for a user authentication to allow access.
    Figure. 4 shows a schematic drawing of the terminal client A1 and the browser C1. The terminal client A1 is connected via an adapter D1 containing a VPN-URI processor D2.
    The browser provides a VPN-URI to the VPN-URI processor D2. The VPN-URI processor is in charge to establish the corresponding VPN connection, if not already established, and to request an authentication, if required. When the VPN connection is established the browser receives and transmits as usual resources identified e.g. by uniform resource identifiers. For non VPN-URIs the browser C1. The adapter D1 provides therefore the networking interface.
    Note that the adapter D2 in this figure do not necessarily coincide with the CPE hardware A2 mentioned in Figure 1. The adapter D2 might be for instance an operating system component or a VPN-URI decoder component for the CPE hardware A2.
    Figure. 5 shows a schematic drawing of the terminal client A1' and the browser C1. The terminal client A1' comprises a web application server E1 that contains the VPN-URI processor D2. The VPN-URI processor D2 as well as the browser C1 is connected with an adapter D1'.
    The local web application server E1 decodes the VPN-URI received from the browser C1, and the VPN-URI processor D2 instructs the adapter D1' to establish the corresponding connection. When the connection is established, either the browser C1 can access directly VPN resources by using the adapter, or the web application server is enabled to serve requested VPN resources to the browser (client) C1 via the adapter D1' using the established connection.
    Following the illustrating use case mentioned in the background part, the shown solutions solve the stated problem. The mechanism encodes VPN information in uniform resource locators (uniform resource identifiers) similar to the advertisement click-through mechanism mentioned above. The technique according to the invention enhances the advertisement click-trough by enabling a network change and connection establishment.
    Using the URI according to the invention, it is possible to extend accordingly markup languages, e.g. Hyper Text Markup Language (HTML), and the respective transfer protocols, e.g. http.
    Using the extensions would enable a end-user clicking on a VPN information enhanced link, e.g. a hyper text reference carrying a VPN-URI in a HTML coded portal page, the end-user is immediately transparently connected to the associated VPN. Such an hyper text reference might look like
       <a href = "http://secret.service/?vpnid=skynet"> Secret Service Network </a>
    To access VPN resources might require an authentication, authorization, and accounting procedure, e.g. implemented by VPN logon procedure to set-up a new connection, where after the requested service is provided in that VPN. In case where the end-user is already connected to the associated VPN the service/resource is provided immediately by that VPN.
    A (software) component will process the VPN information included in the link. This component will interact with the VPN network access server to reach to the corresponding VPN. When the connection to VPN is established the actual resource request could be retrieved. This software component can be deployed on a client terminal itself or a server, e.g. DSL modem.
    In a client centric solution the client terminal processes URI encoded VPN accesses the click-through application, e.g. by running an application web server locally that is able to encode the VPN information and to establish a connection. Then the uniform resource identifier might look like
       http://localhost/clickthrough ? vpnid=skynet ?"url=http://advertisment.com/clickthrouah?url=h ttp://product.com/article/?id=1234".
    Where "vpnid=skynet" a name value pair to specify a particular VPN to be accessed, and the advertisement click-through:
       http://advertisment.com/clickthrough?url=http://product.com/article/?id=1234 is proceed as described in the Background part.
    In this example, the browser will first access the localhost, where localhost is an identifier for the local running web server. The localhost will trigger the click-through software component. This component will process the VPN information included in the URI, e.g. vpnid=skynet, and will interact with a VPN network access server to connect to the corresponding VPN. When the connection to VPN has been established, the actual resource request can be executed. Hence, in the example, a user will access the advertisement web site, for marketing and statistical purposes, that will transparently forward her to the product web-site, showing the product information of article id=1234, although the site is located in the skynet VPN.
    Figure. 6 shows a schematic drawing of a terminal client A1" comprising the browser C1, and it shows network access equipment, e.g. a personalizes service selector A5 or a broadband network access server A4, in general a network access server (NAS) comprising a VPN-URI processor D2.
    From a standardization and a technical point of view it is advantageous to extend the hyper text transfer protocol and the uniform resource identifier enabling the handling of arbitrary VPN topologies. Currently an IP address is decoded from a URI. This invention extends this concept of identifying a location in a IP network by identifying virtual private networks.
    When the current URI syntax and semantic is extended in this way unifying the access to VPNs, the VPN-URI processing might be implemented as a network access server functionality.
    Currently a uniform resource identifier (URI) is defined as a string of characters for identifying an abstract or physical resource within a network. URI are characterized by the following definitions:
    Uniformity: it allows different types of resource identifiers to be used in the same context, even when the mechanisms used to access those resources may differ; it allows uniform semantic interpretation of common syntactic conventions across different types of resource identifiers; it allows introduction of new types of resource identifiers without interfering with the way that existing identifiers are used; and, it allows the identifiers to be reused in many different contexts, thus permitting new applications or protocols to leverage a pre-existing, large, and widely-used set of resource identifiers. The resource is the conceptual mapping to an entity or set of entities, not necessarily the entity which corresponds to that mapping at any particular instance in time.
    Identifier: is an object that can act as a reference to something that has identity. In the case of URI, the object is a sequence of characters with a restricted syntax. Having identified a resource, a system may perform a variety of operations on the resource, as might be characterized by such words as 'access', 'update', 'replace', or 'find attributes'.
    The syntax notation and common element use two conventions to describe and define the syntax of URIs. The first, called the layout form, is a general description of the order of components and component separators, as in
       <first>/<second>;<third>?<fourth>
    The second convention is a BNF-like grammar is used to define the formal URI syntax, see
       http://www. ietf.org/rfc/rfc822.txt
    (Backus-Naur notation (more commonly known as BNF or Backus-Naur Form) is a formal mathematical way to describe a language, which was developed by John Backus (and possibly Peter Naur as well) to describe the syntax of the Algol 60 programming language. A formal definition could be found in any introductory book about formal languages or compilers.)
    The URI syntax is dependent upon the scheme. In general, absolute URI are written as follows:
       <scheme>:<scheme-specific-part>
    This generic URI syntax consists of a sequence of four main components:
       <scheme>://<authority><path>?<query>
    URI that are hierarchical in nature use the slash "/" character for separating hierarchical components.
    The authority component is typically defined by an Internet-based server or a scheme-specific registry of naming authorities.
       authority = server | reg_name
    The authority component is preceded by a double slash "//" and is terminated by the next slash "/", question-mark "?", or by the end of the URI. Within the authority component, the characters ";", ":", "@", "?", and "/" are reserved.
    URI schemes that involve the direct use of an IP-based protocol to a specified server on the Internet use a common syntax for the server component of the URI's scheme-specific data:
       <userinfo>@<host>:<port>
    where <userinfo> may consist of a user name and, optionally, scheme-specific information about how to gain authorization to access the server. The parts "<userinfo>@" and ":<port>" may be omitted.
       server = [ [ userinfo "@" ] hostport ]
    Further details can be found in e.g. http:llwww.ietf.org/rfc/rfc2396.txt
    As illustrated in the example above one might embed the VPN part into the query part.

    Claims (20)

    1. A Method for accessing a virtual private network (VPN) resource characterized in using a uniform resource identifier (URI) having VPN information comprising the steps of
      extracting said VPN information out of the URI (C3)
      establishing access to a VPN (A8) corresponding to said VPN information, if not already established, and
      requesting the resource identified by the URI (C3).
    2. A Uniform Resource Identifier comprising a part for identifying a virtual private network where a resource is located, a part for identifying the access to said virtual private network, and a part for identifying said resource.
    3. The Uniform Resource Identifier according to Claim 2 where the part for identifying a virtual private network syntactically is an authority access path.
    4. The Uniform Resource Identifier according to Claim 2 where the part for identifying a virtual private network syntactically is an query part.
    5. A Client Terminal (A1, A1', A1") for accessing network resources characterized in that said client terminal comprising
      an interpreter (D2) for extracting a VPN information out of a URI (C3)
      a connector (D2) for establishing access to a VPN (AS) corresponding to said VPN information, and
      a requestor (C1, D2) for requesting the resource identified by the URI (C3)
      using said URI having VPN information for accessing a VPN resource.
    6. An Adapter (D1) for establishing network connections characterized in that said adapter comprising
      a decoder (D2) for extracting a VPN information out of a URI (C3)
      a connector (D2) for establishing access to a VPN (A8) corresponding to said VPN information, and
      a requestor (C1, D2) for requesting the resource identified by the URI (C3)
      using said URI having VPN information for accessing a VPN resource.
    7. An Encoding Application Server (E1) for accessing a VPN resource characterized in that said encoding application server comprising
      an interpreter (D2) for extracting a VPN information out of a URI (C3)
      a connector (D2) for establishing access to a VPN (A8) corresponding to said VPN information, and
      a requestor (C1, D2) for requesting the resource identified by the URI (C3)
      using said URI having VPN information for accessing a VPN resource.
    8. An Network Access Server (A4, A5) as an access portal for accessing a VPN characterized in that said network access server comprising
      an interpreter (D2) for extracting a VPN information out of a URI (C3)
      a connector (D2) for establishing access to a VPN (A8) corresponding to said VPN information, and
      a requestor (C1, D2) for requesting the resource identified by the URI (C3)
      using said URl having VPN information for accessing a VPN resource.
    9. A Transfer Protocol for encoding, decoding, transmitting, and receiving data characterized in comprising uniform resource identifiers comprising a part for identifying a virtual private network where a resource is located, a part for identifying the access to said virtual private network, and a part for identifying said resource.
    10. The Transfer Protocol according to Claim 9 where the transfer protocol is Hyper Text Transfer Protocol (http).
    11. A Markup Language for structuring a document's character data into logical components that can then be named and referred characterized in that said markup language comprising uniform resource identifiers comprising a part for identifying a virtual private network where a resource is located, a part for identifying the access to said virtual private network, and a part for identifying said resource.
    12. The Markup Language according to Claim 11 where the markup language is Hyper Text Markup Language (HTML) or Extensible Hyper Text Markup Language (XHTML).
    13. The Markup Language according to Claim 1 1 where the markup language is Extensible Markup Language Specification (XML).
    14. A User Interface (C1, C2, C3) for accessing a VPN resource using an URI having VPN information comprising means for specifying said URI (links, text fields, etc.) and means for interactively guiding through a network access procedure (authentication, authorization, and accounting).
    15. The User Interface (C1, C2, C3) according to Claim 13. comprising depicting means for showing the accessed VPNs with their characteristics (quality of service, cost. etc.).
    16. The User Interface (C1, C2, C3) according to Claim 13. comprising depicting means for showing the access paths with their characteristics (quality of service, cost. etc.).
    17. The User Interface (C1, C2, C3) according to Claim 13. comprising depicting means for showing the accessible VPNs with their characteristics (quality of service, cost. etc.).
    18. The User Interface (C1, C2, C3) according to Claim 13. comprising depicting means for showing the optional access paths for a VPN are shown with their characteristics (quality of service, cost. etc.) .
    19. A Computer Software Product for accessing a VPN resource using an URI having VPN information according to Claim 5 with components for
      extracting said VPN information out of the URI, and
      establishing access to a VPN corresponding to said VPN information.
    20. A Computer Software Product for accessing a VPN resource using an URI having VPN information according to Claim 5 comprising components for requesting and/or receiving the by the URI identified resource.
    EP02360207A 2002-07-12 2002-07-12 Method for accessing a virtual private network resource based on uniform resource identifiers Withdrawn EP1381190A1 (en)

    Priority Applications (1)

    Application Number Priority Date Filing Date Title
    EP02360207A EP1381190A1 (en) 2002-07-12 2002-07-12 Method for accessing a virtual private network resource based on uniform resource identifiers

    Applications Claiming Priority (1)

    Application Number Priority Date Filing Date Title
    EP02360207A EP1381190A1 (en) 2002-07-12 2002-07-12 Method for accessing a virtual private network resource based on uniform resource identifiers

    Publications (1)

    Publication Number Publication Date
    EP1381190A1 true EP1381190A1 (en) 2004-01-14

    Family

    ID=29724584

    Family Applications (1)

    Application Number Title Priority Date Filing Date
    EP02360207A Withdrawn EP1381190A1 (en) 2002-07-12 2002-07-12 Method for accessing a virtual private network resource based on uniform resource identifiers

    Country Status (1)

    Country Link
    EP (1) EP1381190A1 (en)

    Cited By (3)

    * Cited by examiner, † Cited by third party
    Publication number Priority date Publication date Assignee Title
    WO2006058429A1 (en) * 2004-12-02 2006-06-08 Desktopsites Inc. System and method for launching a resource in a network
    WO2009118023A1 (en) * 2008-03-25 2009-10-01 Nokia Siemens Networks Oy Dynamic discovery of quality of service nodes
    US8732182B2 (en) 2004-12-02 2014-05-20 Desktopsites Inc. System and method for launching a resource in a network

    Citations (3)

    * Cited by examiner, † Cited by third party
    Publication number Priority date Publication date Assignee Title
    EP0838930A2 (en) * 1996-10-25 1998-04-29 Digital Equipment Corporation Pseudo network adapter for frame capture, encapsulation and encryption
    EP1049036A2 (en) * 1999-04-29 2000-11-02 Citibank, N.A. System and method for web trading
    WO2002050695A1 (en) * 2000-12-20 2002-06-27 Talk2 Technology, Inc. Spontaneous virtual private network between portable device and enterprise network

    Patent Citations (3)

    * Cited by examiner, † Cited by third party
    Publication number Priority date Publication date Assignee Title
    EP0838930A2 (en) * 1996-10-25 1998-04-29 Digital Equipment Corporation Pseudo network adapter for frame capture, encapsulation and encryption
    EP1049036A2 (en) * 1999-04-29 2000-11-02 Citibank, N.A. System and method for web trading
    WO2002050695A1 (en) * 2000-12-20 2002-06-27 Talk2 Technology, Inc. Spontaneous virtual private network between portable device and enterprise network

    Cited By (6)

    * Cited by examiner, † Cited by third party
    Publication number Priority date Publication date Assignee Title
    WO2006058429A1 (en) * 2004-12-02 2006-06-08 Desktopsites Inc. System and method for launching a resource in a network
    US7912822B2 (en) 2004-12-02 2011-03-22 Desktopsites Inc. System and method for launching a resource in a network
    US8306961B2 (en) 2004-12-02 2012-11-06 desktopsites, Inc. System and method for launching a resource in a network
    US8732182B2 (en) 2004-12-02 2014-05-20 Desktopsites Inc. System and method for launching a resource in a network
    WO2009118023A1 (en) * 2008-03-25 2009-10-01 Nokia Siemens Networks Oy Dynamic discovery of quality of service nodes
    US8260889B2 (en) 2008-03-25 2012-09-04 Nokia Siemens Networks Oy Dynamic discovery of quality of service nodes

    Similar Documents

    Publication Publication Date Title
    US9860251B2 (en) Dynamic encryption of a universal resource locator
    US5964891A (en) Diagnostic system for a distributed data access networked system
    EP1706832B1 (en) Improved user interface
    US6226677B1 (en) Controlled communications over a global computer network
    Gralla How the Internet works
    EP1114545B1 (en) Method and system for injecting external content into computer network interactive sessions
    US6453335B1 (en) Providing an internet third party data channel
    US5884035A (en) Dynamic distributed group registry apparatus and method for collaboration and selective sharing of information
    US7188179B1 (en) System and method for providing service provider choice over a high-speed data connection
    US20080034420A1 (en) System and method of portal customization for a virtual private network device
    US20070180147A1 (en) System for insertion of advertising content in user-requested internet web pages
    US20010027474A1 (en) Method for clientless real time messaging between internet users, receipt of pushed content and transacting of secure e-commerce on the same web page
    US20030135548A1 (en) System and method for disseminating knowledge over a global computer network
    JP2010154569A (en) System and method for redirecting user attempting accessing network site
    WO1998043271A1 (en) Universal domain routing and publication control system
    Protocol Internet
    US20030187976A1 (en) Tracking users at a web server network
    EP1381190A1 (en) Method for accessing a virtual private network resource based on uniform resource identifiers
    US7840645B1 (en) Methods and apparatus for providing content over a computer network
    JP5191076B2 (en) Information providing apparatus and method
    Cisco SESM Features
    AU2006207853B2 (en) Systems and methods for redirecting users attempting to access a network site
    Cisco Content Request Gateway Software Features
    Fisher Spinning the Web: a guide to serving information on the World Wide Web
    KR100734965B1 (en) Systems and methods for redirecting users attempting to access a network site

    Legal Events

    Date Code Title Description
    PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

    Free format text: ORIGINAL CODE: 0009012

    AK Designated contracting states

    Kind code of ref document: A1

    Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LI LU MC NL PT SE SK TR

    AX Request for extension of the european patent

    Extension state: AL LT LV MK RO SI

    AKX Designation fees paid
    REG Reference to a national code

    Ref country code: DE

    Ref legal event code: 8566

    STAA Information on the status of an ep patent application or granted ep patent

    Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

    18D Application deemed to be withdrawn

    Effective date: 20040715